<?php
/*
 * [JINYUN!] (C)2001-2099 Jinyunweb.com
 * This is NOT a freeware, use is subject to license terms
 * $Id: 2017-12-13 03:39:35 apple $
*/
//账户设置
defined('BY_JYA') or exit('error');
$_RQ['op']=$_RQ['op']?$_RQ['op']:'get';
$return=array();
if($_RQ['op']=='get'){
	//修改密码
	$return['item']=pdo_get('core_users',array('id'=>$_SESSION['uid']),array('name','password','mobile'));
	$return['item']['password']=$return['item']['password']?1:0;
	$htmls=array(
		'type'=>'edit',
		'post'=>'post',
		'desc'=>'密码修改',
		'tabs'=>array(
			array('op'=>'get','title'=>'修改密码'),
		),
		'edit'=>array(
			array('type'=>'string','title'=>'帐号','name'=>'name', 'help'=>''),
			array('type'=>'password','title'=>'原密码','name'=>'passwd', 'help'=>'','show'=>array('password'=>1)),
			array('type'=>'password','title'=>'新密码','name'=>'passwd1', 'help'=>'' ),
			array('type'=>'password','title'=>'确认密码','name'=>'passwd2', 'help'=>'' ),
		)
	);
	if($_SESSION['user']['type']==3 || $_SESSION['isfounder']){
		//如果系统开启了微信登陆且当前账号未绑定微信，可以在此处绑定微信，以后通过微信登陆
		if($_AR['system']['wechat_login']){
			$wechat_openid=pdo_getcolumn('core_open_user',array('uniacid'=>$_SESSION['uniacid'],'open_id'=>1001),'open_uid');
			if(!$wechat_openid){
				$htmls['tabs'][]=array('op'=>'wechat_login','title'=>'绑定微信账号');
			}else{
				$htmls['tabs'][]=array('op'=>'del_wechat_login','title'=>'解绑微信账号');
			}
		}
		if($_AR['system']['qq_login']){
			$qq_openid=pdo_getcolumn('core_open_user',array('uniacid'=>$_SESSION['uniacid'],'open_id'=>1002),'open_uid');
			if(!$qq_openid){
				$htmls['tabs'][]=array('op'=>'qq_login','title'=>'绑定QQ账号');
			}else{
				$htmls['tabs'][]=array('op'=>'del_qq_login','title'=>'解绑QQ账号');
			}
		}
		if($_AR['system']['mobile_code']){
			
			if(!$return['item']['mobile']){
				$htmls['tabs'][]=array('op'=>'mobile_login','title'=>'绑定手机号');
			}else{
				$htmls['tabs'][]=array('op'=>'del_mobile_login','title'=>'解绑手机号');
			}
		}
		if($_AR['system']['wechat_scan_login']){
			$wechat_openid=pdo_getcolumn('core_open_user',array('uniacid'=>$_SESSION['uniacid'],'open_id'=>1003),'open_uid');
			if(!$wechat_openid){
				$htmls['tabs'][]=array('op'=>'wechat_scan_login','title'=>'绑定微信一键登陆');
			}else{
				$htmls['tabs'][]=array('op'=>'del_wechat_scan_login','title'=>'解绑微信一键登录');
			}
		}
	}
	
	$return['htmls']=$htmls;
	exi($return);
}
if($_RQ['op']=='post') {
	$postdata=get_postdata();
	if(!$postdata['name'] || !$postdata['passwd1'] || !$postdata['passwd2']){
		exi('参数错误，请输入新的账号和密码！','error');
	}
	if($postdata['passwd1'] != $postdata['passwd2']){
		exi('两次密码输入不一致，修改失败！','error');
	}
	$user=pdo_get('core_users',array('id'=>$_SESSION['uid']),array('name','password','salt'));
	$update=array();
	if($user['name']!=$postdata['name']){
		//如果修改了账号，检查新账号是否合法
		if(!preg_match('/^[\x{4e00}-\x{9fa5}a-z\d_\.]{3,15}$/iu', $postdata['name'])){
			exi('必须输入用户名，格式为 3-15 位字符，可以包括汉字、字母（不区分大小写）、数字、下划线和句点。','error');
		}
		$check=pdo_getcolumn('core_users',array('name'=>$postdata['name']),'id');
		if($check){
				exi('该用户名已被使用，请更换！','error');
		}
		$update['name']=$postdata['name'];
	}
	if($user['password']){
		//已设置密码，检查原密码是否正确
		if(!$postdata['passwd']){
			exi('请输入原密码！','error');
		}
		$ps=get_password($postdata['passwd'],$user['salt']);
		if($ps!=$user['password']){
			exi('原密码错误，修改失败！','error');
		}
	}
	$salt=random(10);
	$ps=get_password($postdata['passwd1'],$salt);
	$update['salt']=$salt;
	$update['password']=$ps;
	pdo_update('core_users',$update,array('id'=>$_SESSION['uid']));
	exi('账号密码修改成功！');
}
if($_RQ['op']=='wechat_login'){
	if(!$_AR['system']['wechat_login']){
		exi('系统暂不支持微信登陆！','error');
	}
	if($_RQ['step']=='local_back'){
		if(!$_RQ['code']){
			exi('授权登陆失败！','error','get');
		}
		$setting=core_setting('system');
		$api="https://api.weixin.qq.com/sns/oauth2/access_token?appid={$setting['wechat_login_appid']}&secret={$setting['wechat_login_appsecret']}&code={$_RQ['code']}&grant_type=authorization_code";
		$result=file_get_contents($api);
		$result=json_decode($result,true);
		if($result['errcode']){
			exi($result['errmsg'],'error','get');
		}
		//获取openid后转至正常处理流程
		$_RQ['openid']=$result['openid'];
		$_RQ['step']='cloud_back';
	}
	if($_RQ['step']=='cloud_back'){
		$_SESSION['access']=array();
		if($_RQ['openid']){
			//获得openid，为用户登陆
			$openid=trim($_RQ['openid']);
			$check=pdo_getcolumn('core_open_user',array('open_id'=>1001,'open_uid'=>$openid),'id');
			if($check){
				exi('绑定失败！该微信已绑定系统其他账户！','','./index.php');
			}
			$user=array(
				'uniacid'=>$_SESSION['uniacid'],
				'open_id'=>1001,
				'open_uid'=>$openid,
			);
			pdo_insert('core_open_user',$user);
		}else{
			exi('绑定失败！','','./index.php');
		}
		//跳转首页
		exi('绑定成功！','','./index.php');
	}
	//微信授权登陆
	$setting=core_setting('system');
	if($setting['wechat_login_appid'] && $setting['wechat_login_appsecret']){
		$back_url=urlencode(SITEROOT.'manage/index.php?plugin=core&action=account.user&op=wechat_login&step=local_back');
		$url="https://open.weixin.qq.com/connect/qrconnect?appid={$setting['wechat_login_appid']}&redirect_uri={$back_url}&response_type=code&scope=snsapi_login&state=state#wechat_redirect";
	}else{
		$back_url=SITEROOT.'manage/index.php?plugin=core&action=account.user&op=wechat_login&step=cloud_back';
		$url=cloud_request('cloud.login.wechat',array('back_url'=>$back_url));
	}
	exi('','',$url);
}
if($_RQ['op']=='wechat_scan_login'){
	if(!$_AR['system']['wechat_scan_login']){
		exi('系统暂不支持微信一键登陆！','error');
	}
	if($_RQ['postdata']){
		$post=get_postdata();
		if(!$post['openid']){
			exi('绑定失败，获取用户openid失败！','error');
		}
		$openid=cfc('tools')->base64_decode($post['openid'],BASE64_KEY);
		$check=pdo_getcolumn('core_open_user',array('open_id'=>1003,'open_uid'=>$openid),'id');
		if($check){
			exi('绑定失败！该微信已绑定系统其他账户！','error');
		}
		$user=array(
			'uniacid'=>$_SESSION['uniacid'],
			'open_id'=>1003,
			'open_uid'=>$openid,
		);
		pdo_insert('core_open_user',$user);
		exi('绑定成功！','','get');
	}
	$return['item']=array('openid'=>'');
	$return['session_id']=$_SESSION['uid'];
	exi($return);
}
if($_RQ['op']=='del_wechat_login'){
	pdo_delete('core_open_user',array('uniacid'=>$_SESSION['uniacid'],'open_id'=>1001));
	exi('解绑微信账号成功！','','get');
}
if($_RQ['op']=='del_wechat_scan_login'){
	pdo_delete('core_open_user',array('uniacid'=>$_SESSION['uniacid'],'open_id'=>1003));
	exi('解绑微信一键登录成功！','','get');
}
if($_RQ['op']=='qq_login'){
	if(!$_AR['system']['qq_login']){
		exi('系统暂不支持qq登陆！','error');
	}
	if($_RQ['step']=='local_back'){
		if(!$_RQ['code']){
			exi('授权登陆失败！','error','get');
		}
		$setting=core_setting('system');
		$back_url=urlencode(SITEROOT.'manage/index.php?plugin=core&action=user.login&op=qq_login&step=local_back');
		$url="https://graph.qq.com/oauth2.0/token?grant_type=authorization_code&client_id={$setting['qq_login_appid']}&client_secret={$setting['qq_login_appsecret']}&code={$_RQ['code']}&redirect_uri={$back_url}";
		$res=file_get_contents($url);
		$res=explode('&',$res);
		$result=array();
		foreach($res as $row){
			$row=explode('=',$row);
			$result[$row['0']]=$row['1'];
		}
		$url='https://graph.qq.com/oauth2.0/me?access_token='.$result['access_token'];
		$res=file_get_contents($url);
		$res=substr($res,9,-3);
		$res=json_decode($res,true);
		//获取openid后转至正常处理流程
		$_RQ['openid']=$res['openid'];
		$_RQ['step']='cloud_back';
	}
	if($_RQ['step']=='cloud_back'){
		$_SESSION['access']=array();
		if($_RQ['openid']){
			//获得openid，为用户登陆
			$openid=trim($_RQ['openid']);
			$check=pdo_getcolumn('core_open_user',array('open_id'=>1002,'open_uid'=>$openid),'id');
			if($check){
				exi('绑定失败！该微信已绑定系统其他账户！','','./index.php');
			}
			$user=array(
				'uniacid'=>$_SESSION['uniacid'],
				'open_id'=>1002,
				'open_uid'=>$openid,
			);
			pdo_insert('core_open_user',$user);
		}else{
			exi('绑定失败！','','./index.php');
		}
		//跳转首页
		exi('绑定成功！','','./index.php');
	}
	//QQ授权登陆
	$setting=core_setting('system');
	if($setting['qq_login_appid'] && $setting['qq_login_appsecret']){
		$back_url=urlencode(SITEROOT.'manage/index.php?plugin=core&action=account.user&op=qq_login&step=local_back');
		$url="https://graph.qq.com/oauth2.0/authorize?response_type=code&client_id={$setting['qq_login_appid']}&redirect_uri={$back_url}&state=state";
	}else{
		$back_url=SITEROOT.'manage/index.php?plugin=core&action=account.user&op=qq_login&step=cloud_back';
		$url=cloud_request('cloud.login.qq',array('back_url'=>$back_url));
	}
	exi('','',$url);
}
if($_RQ['op']=='del_qq_login'){
	pdo_delete('core_open_user',array('uniacid'=>$_SESSION['uniacid'],'open_id'=>1002));
	exi('解绑QQ账号成功！','','get');
}
if($_RQ['op']=='mobile_login'){
	//绑定手机号
	if($_RQ['postdata']){
		$post=get_postdata();
		if(!$post['smscode']){
			exi('请先输入验证码！','error');
		}
		if(!check_sms_code($post['smscode'])){
			exi('输入验证码有误！','error');
		}
		$check=pdo_getcolumn('core_users',array('mobile'=>$post['mobile']),'id');
		if($check){
			exi('该手机号已被使用，请更换！','error');
		}
		pdo_update('core_users',array('mobile'=>intval($post['mobile'])),array('id'=>$_SESSION['uid']));
		exi('手机号绑定成功！','','get');
	}
	$oldmobile=pdo_getcolumn('core_users',array('id'=>$_SESSION['uid']),'mobile');
	$return['item']=array('oldmobile'=>$oldmobile);
	$return['htmls']=array(
		'type'=>'edit',
		'desc'=>'绑定手机号',
		'tabs'=>array(
			array('op'=>'get','title'=>'修改密码'),
		),
		'edit'=>array(
			array('type'=>'mobile','name'=>'mobile','title'=>'手机号','mobile_name'=>'mobile'),
		),
	);
	exi($return);
}
if($_RQ['op']=='del_mobile_login'){	
	if($_RQ['postdata']){
		$post=get_postdata();
		if(!$post['smscode']){
			exi('请先输入验证码！','error');
		}
		if(!check_sms_code($post['smscode'])){
			exi('输入验证码有误！','error');
		}
		$check=pdo_getcolumn('core_users',array('mobile'=>$post['mobile']),'id');
		if($check!=$_SESSION['uid']){
			exi('手机号码不存在，无法解除！','error');
		}
		pdo_update('core_users',array('mobile'=>''),array('id'=>$_SESSION['uid']));
		exi('解绑成功！','','goback');
	}
	$return['item']=pdo_get('core_users',array('id'=>$_SESSION['uid']),array('mobile'));
	if(!$return['item']['mobile']){
		exi('您尚未绑定手机号，无法解绑！请先绑定！','error','mobile');
	}
	$return['htmls']=array(
		'type'=>'edit',
		'desc'=>'解绑手机号',
		'tabs'=>array(
			array('op'=>'base','title'=>'修改密码'),
		),
		'edit'=>array(
			array('type'=>'string','name'=>'mobile','title'=>'手机号','read'=>true),
			array('type'=>'mobile_code','name'=>'smscode','title'=>'验证码','send_op'=>'send_code','mobile_name'=>'mobile','help'=>''),
		),
	);
	exi($return);
}